Description
Excel-Streaming-Reader is an easy-to-use implementation of a streaming Excel reader using Apache POI. Prior to xlsx-streamer 2.1.0, the XML parser that was used did not apply all the necessary settings to prevent XML Entity Expansion issues. Upgrade to version 2.1.0 to receive a patch. There is no known workaround.
References
- https://github.com/monitorjbl/excel-streaming-reader/commit/0749c7b9709db078ccdeada16d46a34bc2910c73 (Patch, Third Party Advisory)
Vulnerable configurations
Configuration 1: versions before 2.1.0 (excluding)
cpe:2.3:a:excel_streaming_reader_project:excel_streaming_reader:*:*:*:*:*:*:*:*
EPSS
Percentile: 57%
0.0035
Low
CVSS3: 9.8 Critical
CVSS2: 7.5 High
Weaknesses
CWE-611
CWE-776
Related vulnerabilities
CVSS3: 9.8
github
more than 3 years ago
Improper Restriction of XML External Entity Reference in com.monitorjbl:xlsx-streamer